Fix erroneous comment.
diff --git
a/daemon/auth-krb5.c
b/daemon/auth-krb5.c
index
995acb4
..
8f19956
100644
(file)
--- a/
daemon/auth-krb5.c
+++ b/
daemon/auth-krb5.c
@@
-266,7
+266,7
@@
static void setrenew(struct krb5data *data)
data->renewtimer = timercallback(good, (void (*)(int, void *))renewcreds, data);
}
data->renewtimer = timercallback(good, (void (*)(int, void *))renewcreds, data);
}
-static int krbauth(struct authhandle *auth, char *passdata)
+static int krbauth(struct authhandle *auth,
struct socket *sk,
char *passdata)
{
int ret;
struct krb5data *data;
{
int ret;
struct krb5data *data;
@@
-305,6
+305,7
@@
static int krbauth(struct authhandle *auth, char *passdata)
if(auth->text != NULL)
free(auth->text);
auth->text = icmbstowcs((char *)error_message(ret), NULL);
if(auth->text != NULL)
free(auth->text);
auth->text = icmbstowcs((char *)error_message(ret), NULL);
+ free(msg);
return(AUTH_DENIED);
}
free(msg);
return(AUTH_DENIED);
}
free(msg);
@@
-369,8
+370,10
@@
static int krbauth(struct authhandle *auth, char *passdata)
if((ret = krb5_rd_cred(k5context, data->context, &k5d, &fwdcreds, NULL)) != 0)
{
flog(LOG_ERR, "krb5_rd_cred returned an error: %s", error_message(ret));
if((ret = krb5_rd_cred(k5context, data->context, &k5d, &fwdcreds, NULL)) != 0)
{
flog(LOG_ERR, "krb5_rd_cred returned an error: %s", error_message(ret));
+ free(msg);
return(AUTH_ERR);
}
return(AUTH_ERR);
}
+ free(msg);
if(*fwdcreds == NULL)
{
flog(LOG_ERR, "forwarded credentials array was empty (from %s)", data->username);
if(*fwdcreds == NULL)
{
flog(LOG_ERR, "forwarded credentials array was empty (from %s)", data->username);
@@
-419,7
+422,7
@@
static int opensess(struct authhandle *auth)
flog(LOG_ERR, "could not get passwd entry for forwarded tickets (user %s): %s", data->username, strerror(errno));
return(AUTH_ERR);
}
flog(LOG_ERR, "could not get passwd entry for forwarded tickets (user %s): %s", data->username, strerror(errno));
return(AUTH_ERR);
}
- if(confgetint("auth-krb5", "usedefcc"))
+ if(
!
confgetint("auth-krb5", "usedefcc"))
{
buf = sprintf2("/tmp/krb5cc_dc_%i_XXXXXX", pwent->pw_uid);
if((fd = mkstemp(buf)) < 0)
{
buf = sprintf2("/tmp/krb5cc_dc_%i_XXXXXX", pwent->pw_uid);
if((fd = mkstemp(buf)) < 0)
@@
-591,9
+594,19
@@
static void terminate(void)
static struct configvar myvars[] =
{
static struct configvar myvars[] =
{
+ /** The name of the service principal to use for Kerberos V
+ * authentication. */
{CONF_VAR_STRING, "service", {.str = L"doldacond"}},
{CONF_VAR_STRING, "service", {.str = L"doldacond"}},
+ /** The path to an alternative keytab file. If unspecified, the
+ * system default keytab will be used. */
{CONF_VAR_STRING, "keytab", {.str = L""}},
{CONF_VAR_STRING, "keytab", {.str = L""}},
+ /** Whether to renew renewable credentials automatically before
+ * they expire. */
{CONF_VAR_BOOL, "renewcreds", {.num = 1}},
{CONF_VAR_BOOL, "renewcreds", {.num = 1}},
+ /** If true, the default credentials cache will be used, which is
+ * useful for e.g. Linux kernel key handling. If false, a file
+ * credentials cache will be created using mkstemp(3), using the
+ * pattern /tmp/krb5cc_dc_$UID_XXXXXX. */
{CONF_VAR_BOOL, "usedefcc", {.num = 0}},
{CONF_VAR_END}
};
{CONF_VAR_BOOL, "usedefcc", {.num = 0}},
{CONF_VAR_END}
};
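Review bot: In opensess(), the hunk at -419/+422 makes the mkstemp() file cache the path taken by default (usedefcc defaults to 0 in myvars), so forwarded tickets now land in /tmp unless configured otherwise, and nothing visible documents who owns that file. mkstemp() creates it mode 0600 owned by the daemon's effective uid rather than pwent->pw_uid; whether it is later fchown()ed to the user and unlinked when the session ends is outside the visible lines, so confirm that and record it above the call, e.g. `/* ccache is created 0600 by mkstemp(); it must be handed to pw_uid and removed when the session closes */`. Separately, `%i` is passed pwent->pw_uid, which is a uid_t; an explicit cast such as `(int)pwent->pw_uid` would keep the format and argument types matched. opensess's body starts and ends outside the hunk.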